Viruses noted by scanner, delivered anyway
Mike Kercher
mike at CAMAROSS.NET
Sat Sep 13 00:47:13 IST 2003
This may be a stupid question, but does Clam disinfect or just detect?
Mike
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Nicholas Esborn
Sent: Friday, September 12, 2003 3:40 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Viruses noted by scanner, delivered anyway
Hello,
I've been comparing logs between my MailScanner instance and a WebShield
E500 which scans mail after MailScanner is done with it. I've noticed a few
viruses in the E500's logs. That is even stranger, the viruses are noted by
MailScanner, but then delievered anyway!
For example, this one got through and was later caught by the E500:
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Spam Checks: Starting
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: Virus and Content Scanning: Starting
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: /var/spool/filter/MailScanner/incoming/16264/./h8CDbwCE026065/AutoText.com: W32/Magistr.B5 FOUND
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Note that I'm not able to deny .com and .exe attachments, as a matter of
policy. I do block .pifs and .scrs.
Some relevant settings:
Virus Scanners = clamav
Deliver Disinfected Files = no
Silent Viruses = Klez Yaha-E Bugbear Braid-A WinEvar Sobig
Still Deliver Silent Viruses = no
Quarantine Infections = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = yes
Deliver Cleaned Messages = yes
Thanks for any help,
-nick
--
Nicholas Esborn
Affymetrix, Inc.
510/428.8505
Every message PGP signed
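
The mismatch described in the message above can be checked for mechanically. This is an added example, not part of the original thread or of MailScanner itself: it groups log lines by MailScanner child PID and flags any batch where detections were logged yet every message was still delivered as "Uninfected". It assumes the log line shapes shown in the post; the function name and the second sample batch (pid 16300) are constructed for illustration.

```python
import re

# Line shapes as they appear in the post (syslog prefix + MailScanner[pid]).
LINE = re.compile(r"MailScanner\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NEW_BATCH = re.compile(r"New Batch: Scanning (\d+) messages")
FOUND = re.compile(r"Virus Scanning: Found (\d+) viruses")
DELIVERED = re.compile(r"Uninfected: Delivered (\d+) messages")


def find_leaky_batches(lines):
    """Return batches with detections where all messages were delivered."""
    open_batches = {}  # pid -> batch that child is currently processing
    leaky = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if (b := NEW_BATCH.search(msg)):
            open_batches[pid] = {"pid": pid, "size": int(b.group(1)), "found": 0}
        elif pid in open_batches:
            batch = open_batches[pid]
            if (f := FOUND.search(msg)):
                batch["found"] = int(f.group(1))
            elif (d := DELIVERED.search(msg)):
                batch["delivered"] = int(d.group(1))
                # With at least one detection, at most size-1 messages
                # can legitimately be delivered as uninfected.
                if batch["found"] > 0 and batch["delivered"] >= batch["size"]:
                    leaky.append(batch)
                del open_batches[pid]
    return leaky


# pid 16264 lines are from the post; the pid 16300 batch is constructed.
SAMPLE = """\
Sep 12 06:38:01 mailscanner1 MailScanner[16264]: New Batch: Scanning 2 messages, 123570 bytes
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: ClamAV found 1 infections
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Virus Scanning: Found 1 viruses
Sep 12 06:38:02 mailscanner1 MailScanner[16264]: Uninfected: Delivered 2 messages
Sep 12 06:40:10 mailscanner1 MailScanner[16300]: New Batch: Scanning 3 messages, 40960 bytes
Sep 12 06:40:11 mailscanner1 MailScanner[16300]: Virus Scanning: Found 1 viruses
Sep 12 06:40:11 mailscanner1 MailScanner[16300]: Uninfected: Delivered 2 messages
""".splitlines()

if __name__ == "__main__":
    for b in find_leaky_batches(SAMPLE):
        print(f"pid {b['pid']}: {b['found']} detection(s), {b['delivered']}/{b['size']} delivered")
```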